Design

Security checks across malware telemetry and agentic risk

Overview

This skill creates and installs design-project skills with local project files; the behavior is disclosed and purpose-aligned, with some setup and activation cautions.

Install only in a workspace where you are comfortable adding a generated design skill and project folder. Review the preview and selected delivery mode before confirming, and avoid putting unrelated secrets or private material into the design project files because future sessions may reload them as project memory.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (9)

Context-Inappropriate Capability
Medium severity, 95% confidence
Finding: The skill directs the agent to probe global skill directories under the user's home folder to infer an installation prefix, which exceeds what is necessary for fulfilling a workspace-scoped design-skill creation task. That expands filesystem discovery beyond the current project and can expose information about other installed tools, platforms, or user environment details without a clear need or explicit consent.

Vague Triggers
Medium severity, 85% confidence
Finding: The trigger examples include broad, natural phrases such as asking for help designing something, which can cause the skill to activate in situations where the user may have intended a one-off discussion rather than installation or project scaffolding. In this skill's context, unintended invocation is more concerning because the README also describes creating files and installing into the current workspace, so an over-broad trigger can lead to unexpected filesystem changes.

Missing User Warnings
Medium severity, 93% confidence
Finding: The README states that the generated project skill is installed into the current workspace and that the directory will automatically grow with multiple files, but it does not clearly warn the user up front that local filesystem modifications will occur. In an agent environment, silent or under-disclosed writes can surprise users, overwrite expectations about workspace cleanliness, and create trust and safety issues even if the feature is intended.

Missing User Warnings
Medium severity, 95% confidence
Finding: Offering a 'direct install' option without an explicit warning that it writes into the current workspace increases the chance that users authorize an action without understanding its side effects. In this context, the risk is amplified because installation is positioned as immediate and convenient, which can bypass informed consent for workspace modifications.

Vague Triggers
High severity, 88% confidence
Finding: The trigger conditions are very broad and explicitly instruct the system to prioritize this skill whenever the user expresses general design intent, even when the user may only want lightweight brainstorming rather than file-generating automation. This can cause the skill to activate unexpectedly and steer the agent into collecting data and preparing filesystem changes with insufficiently specific user intent.

Missing User Warnings
Medium severity, 93% confidence
Finding: The skill contains detailed instructions for creating directories, writing files, and packaging ZIP archives, but it does not provide a strong upfront warning that executing the skill will modify the filesystem and create artifacts. Although it asks the user to choose a delivery mode, the overall design primes the agent toward file operations and packaging, which can surprise users and increase the risk of unintended workspace modification.

Vague Triggers
High severity, 95% confidence
Finding: The skill declares that broad, common phrases like '继续' ("continue"), '接下来' ("next"), and '开始设计' ("start designing") should trigger the skill, which can cause activation in conversations that are not actually asking for this project workflow. That creates a prompt-routing vulnerability: the agent may enter a file-writing, tool-using design workflow unexpectedly, increasing the chance of unintended actions and context hijacking by normal conversation turns.

Missing User Warnings
Medium severity, 92% confidence
Finding: The skill instructs the agent to create the project directory automatically if it does not exist and then proceed with repeated reads and writes across the project lifecycle. Because this happens as part of startup behavior and the template emphasizes automatic saving, it can modify user files without an explicit per-action confirmation, creating a risk of unintended file creation, overwrites, and workspace pollution.

Vague Triggers
High severity, 95% confidence
Finding: The trigger text is excessively broad and includes generic phrases like '继续' ("continue"), '接下来' ("next"), '开始设计' ("start designing"), and common design-related requests, which can cause the skill to activate in many ordinary conversations where the user did not intend structured project orchestration. Because the skill has write, bash, and web_search tools and an instruction to '优先触发,而非直接进入即时头脑风暴' ("trigger with priority rather than going straight into immediate brainstorming"), an accidental trigger can lead to unnecessary file creation, external searches, and workflow hijacking instead of answering the user's immediate request.

VirusTotal

65/65 vendors flagged this skill as clean.